Cyber-criminals are turning from large spamming operations to targeted, spear-phishing attacks, according to a report from Cisco Systems. There has been a significant decline in revenues generated from mass spam and phishing campaigns, according to the report from Cisco Security Intelligence Operations.
Worldwide revenues from high-volume spamming decreased from $1.1 billion in June 2010 to $300 million in June 2011, a drop of two-thirds. In comparison, revenues from targeted attacks quadrupled from $50 million to $200 million over the same time period, Cisco said in its report.
Attackers are moving away from mass attacks because of low conversion rates, according to the report. Spam operations have always relied on the concept of casting a wide net in order to catch a few people who will fall for the scam. Since the upfront costs aren’t that high for the cyber-criminal, netting even a handful of victims was profitable. However, Cisco researchers found that the "value per victim" in a targeted attack was roughly 40 times higher than from a mass attack, and conversion rates were much more attractive.
Fully 70 percent of those who see a targeted spear-phishing e-mail message opened it, and half of those clicked through to the malicious Web site or opened the attachment. Scammers generally send out fewer targeted spam messages than in a mass spam attack, but make more per campaign because of the higher likelihood of fooling victims.
The report, titled " Email Attacks: This Time It’s Personal," was based on responses from 361 IT professionals from 50 countries.
For more, read the eWeek article Spear Phishing More Profitable than Mass Spam for Cyber-Criminals.